Make count check more dynamic in v5

phaag · Jun 16, 2023 · 336cb05 · 336cb05
1 parent 1a71629
commit 336cb05
Show file tree

Hide file tree

Showing 9 changed files with 58 additions and 89 deletions.
diff --git a/src/collector/collector.c b/src/collector/collector.c
@@ -491,4 +491,25 @@ int ScanExtension(char *extensionList) {
     s = q;
     return num;
 
-}  // End of ScanExtension
+}  // End of ScanExtension
+
+char *GetExporterIP(FlowSource_t *fs) {
+#define IP_STRING_LEN 40
+    static char ipstr[IP_STRING_LEN];
+    ipstr[0] = '\0';
+
+    if (fs->sa_family == AF_INET) {
+        uint32_t _ip = htonl(fs->ip.V4);
+        inet_ntop(AF_INET, &_ip, ipstr, sizeof(ipstr));
+    } else if (fs->sa_family == AF_INET6) {
+        uint64_t _ip[2];
+        _ip[0] = htonll(fs->ip.V6[0]);
+        _ip[1] = htonll(fs->ip.V6[1]);
+        inet_ntop(AF_INET6, &_ip, ipstr, sizeof(ipstr));
+    } else {
+        strncpy(ipstr, "<unknown>", IP_STRING_LEN);
+    }
+
+    return ipstr;
+
+}  // End of GetExporterIP
diff --git a/src/collector/collector.h b/src/collector/collector.h
@@ -126,4 +126,6 @@ int FlushInfoExporter(FlowSource_t *fs, exporter_info_record_t *exporter);
 
 int ScanExtension(char *extensionList);
 
+char *GetExporterIP(FlowSource_t *fs);
+
 #endif  //_COLLECTOR_H
diff --git a/src/lib/ipconv.h b/src/lib/ipconv.h
@@ -1,53 +1,47 @@
 /*
- *  Copyright (c) 2017, Peter Haag
- *  Copyright (c) 2014, Peter Haag
- *  Copyright (c) 2009, Peter Haag
+ *  Copyright (c) 2023, Peter Haag
  *  Copyright (c) 2004-2008, SWITCH - Teleinformatikdienste fuer Lehre und Forschung
  *  All rights reserved.
- *  
- *  Redistribution and use in source and binary forms, with or without 
+ *
+ *  Redistribution and use in source and binary forms, with or without
  *  modification, are permitted provided that the following conditions are met:
- *  
- *   * Redistributions of source code must retain the above copyright notice, 
+ *
+ *   * Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright notice, 
- *     this list of conditions and the following disclaimer in the documentation 
+ *   * Redistributions in binary form must reproduce the above copyright notice,
+ *     this list of conditions and the following disclaimer in the documentation
  *     and/or other materials provided with the distribution.
- *   * Neither the name of the author nor the names of its contributors may be 
- *     used to endorse or promote products derived from this software without 
+ *   * Neither the name of the author nor the names of its contributors may be
+ *     used to endorse or promote products derived from this software without
  *     specific prior written permission.
- *  
- *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
- *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
- *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
- *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
- *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
+ *
+ *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ *  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ *  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ *  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ *  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ *  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ *  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ *  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  *  POSSIBILITY OF SUCH DAMAGE.
- *  
+ *
  */
 
 #ifndef _IPCONV_H
 #define _IPCONV_H 1
 
-#include "config.h"
-
-#include <sys/types.h>
-#ifdef HAVE_STDINT_H
 #include <stdint.h>
-#endif
+#include <sys/types.h>
 
-int parse_ip(int *af, const char *src, uint64_t *dst, int *bytes, int lookup, uint32_t *num_ip );
+int parse_ip(int *af, const char *src, uint64_t *dst, int *bytes, int lookup, uint32_t *num_ip);
 
 int set_nameserver(char *ns);
 
 #define MAXHOSTS 512
 
-#define STRICT_IP 	 0
+#define STRICT_IP 0
 #define ALLOW_LOOKUP 1
 
-#endif //_IPCONV_H
+#endif  //_IPCONV_H
diff --git a/src/lib/util.c b/src/lib/util.c
@@ -29,14 +29,12 @@
  *
  */
 
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
 #ifndef SYSLOG_NAMES
 #define SYSLOG_NAMES 1
 #endif
 
+#include "util.h"
+
 #include <arpa/inet.h>
 #include <errno.h>
 #include <limits.h>
@@ -55,8 +53,6 @@
 #include <time.h>
 #include <unistd.h>
 
-#include "util.h"
-
 /* Global vars */
 
 static int verbose = 4;

diff --git a/src/lib/util.h b/src/lib/util.h
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2009-2022, Peter Haag
+ *  Copyright (c) 2009-2023, Peter Haag
  *  Copyright (c) 2004-2008, SWITCH - Teleinformatikdienste fuer Lehre und Forschung
  *  All rights reserved.
  *

diff --git a/src/netflow/ipfix.c b/src/netflow/ipfix.c
@@ -400,8 +400,6 @@ static int LookupElement(uint16_t type, uint32_t EnterpriseNumber) {
 }  // End of LookupElement
 
 static exporterDomain_t *getExporter(FlowSource_t *fs, uint32_t ObservationDomain) {
-#define IP_STRING_LEN 40
-    char ipstr[IP_STRING_LEN];
     exporterDomain_t **e = (exporterDomain_t **)&(fs->exporter_data);
 
     while (*e) {
@@ -411,17 +409,7 @@ static exporterDomain_t *getExporter(FlowSource_t *fs, uint32_t ObservationDomai
         e = &((*e)->next);
     }
 
-    if (fs->sa_family == AF_INET) {
-        uint32_t _ip = htonl(fs->ip.V4);
-        inet_ntop(AF_INET, &_ip, ipstr, sizeof(ipstr));
-    } else if (fs->sa_family == AF_INET6) {
-        uint64_t _ip[2];
-        _ip[0] = htonll(fs->ip.V6[0]);
-        _ip[1] = htonll(fs->ip.V6[1]);
-        inet_ntop(AF_INET6, &_ip, ipstr, sizeof(ipstr));
-    } else {
-        strncpy(ipstr, "<unknown>", IP_STRING_LEN);
-    }
+    char *ipstr = GetExporterIP(fs);
 
     // nothing found
     *e = (exporterDomain_t *)calloc(1, sizeof(exporterDomain_t));

diff --git a/src/netflow/netflow_v1.c b/src/netflow/netflow_v1.c
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2009-2021, Peter Haag
+ *  Copyright (c) 2009-2023, Peter Haag
  *  Copyright (c) 2004-2008, SWITCH - Teleinformatikdienste fuer Lehre und Forschung
  *  All rights reserved.
  *
@@ -130,8 +130,6 @@ int Init_v1(int verbose) {
 static inline exporter_v1_t *getExporter(FlowSource_t *fs, netflow_v1_header_t *header) {
     exporter_v1_t **e = (exporter_v1_t **)&(fs->exporter_data);
     uint16_t version = ntohs(header->version);
-#define IP_STRING_LEN 40
-    char ipstr[IP_STRING_LEN];
 
     // search the matching v1 exporter
     while (*e) {
@@ -158,17 +156,12 @@ static inline exporter_v1_t *getExporter(FlowSource_t *fs, netflow_v1_header_t *
     (*e)->flows = 0;
     (*e)->sequence_failure = 0;
 
+    char *ipstr = GetExporterIP(fs);
     if (fs->sa_family == PF_INET6) {
         (*e)->outRecordSize = baseRecordSize + EXipReceivedV6Size;
-        uint64_t _ip[2];
-        _ip[0] = htonll(fs->ip.V6[0]);
-        _ip[1] = htonll(fs->ip.V6[1]);
-        inet_ntop(AF_INET6, &_ip, ipstr, sizeof(ipstr));
         dbg_printf("Process_v1: New IPv6 exporter %s - add EXipReceivedV6\n", ipstr);
     } else {
         (*e)->outRecordSize = baseRecordSize + EXipReceivedV4Size;
-        uint32_t _ip = htonl(fs->ip.V4);
-        inet_ntop(AF_INET, &_ip, ipstr, sizeof(ipstr));
         dbg_printf("Process_v1: New IPv4 exporter %s - add EXipReceivedV4\n", ipstr);
     }
 

diff --git a/src/netflow/netflow_v5_v7.c b/src/netflow/netflow_v5_v7.c
@@ -192,8 +192,6 @@ static inline exporter_v5_t *getExporter(FlowSource_t *fs, netflow_v5_header_t *
     sampler_t *sampler;
     uint16_t engine_tag = ntohs(header->engine_tag);
     uint16_t version = ntohs(header->version);
-#define IP_STRING_LEN 40
-    char ipstr[IP_STRING_LEN];
 
     // search the matching v5 exporter
     while (*e) {
@@ -222,17 +220,12 @@ static inline exporter_v5_t *getExporter(FlowSource_t *fs, netflow_v5_header_t *
     (*e)->flows = 0;
     (*e)->first = 1;
 
+    char *ipstr = GetExporterIP(fs);
     if (fs->sa_family == PF_INET6) {
         (*e)->outRecordSize = baseRecordSize + EXipReceivedV6Size;
-        uint64_t _ip[2];
-        _ip[0] = htonll(fs->ip.V6[0]);
-        _ip[1] = htonll(fs->ip.V6[1]);
-        inet_ntop(AF_INET6, &_ip, ipstr, sizeof(ipstr));
         dbg_printf("Process_v5: New IPv6 exporter %s - add EXipReceivedV6\n", ipstr);
     } else {
         (*e)->outRecordSize = baseRecordSize + EXipReceivedV4Size;
-        uint32_t _ip = htonl(fs->ip.V4);
-        inet_ntop(AF_INET, &_ip, ipstr, sizeof(ipstr));
         dbg_printf("Process_v5: New IPv4 exporter %s - add EXipReceivedV4\n", ipstr);
     }
 
@@ -322,15 +315,9 @@ void Process_v5_v7(void *in_buff, ssize_t in_buff_cnt, FlowSource_t *fs) {
 
         // count check
         uint16_t count = ntohs(v5_header->count);
-        if (count > NETFLOW_V5_MAX_RECORDS) {
-            LogError("Process_v5: Unexpected record count in header: %i. Abort v5/v7 record processing", count);
-            fs->nffile->buff_ptr = outBuff;
-            return;
-        }
-
         // input buffer size check for all expected records
         if (size_left < (NETFLOW_V5_HEADER_LENGTH + count * rawRecordSize)) {
-            LogError("Process_v5: Not enough data to process v5 record. Abort v5/v7 record processing");
+            LogError("Process_v5: Exporter: %s Not enough data to process v5 record. Abort v5/v7 record processing", GetExporterIP(fs));
             fs->nffile->buff_ptr = outBuff;
             return;
         }

diff --git a/src/netflow/netflow_v9.c b/src/netflow/netflow_v9.c
@@ -383,8 +383,6 @@ static int LookupElement(uint16_t type, int EnterpriseNumber) {
 }  // End of LookupElement
 
 static inline exporterDomain_t *getExporter(FlowSource_t *fs, uint32_t exporter_id) {
-#define IP_STRING_LEN 40
-    char ipstr[IP_STRING_LEN];
     exporterDomain_t **e = (exporterDomain_t **)&(fs->exporter_data);
 
     while (*e) {
@@ -393,17 +391,7 @@ static inline exporterDomain_t *getExporter(FlowSource_t *fs, uint32_t exporter_
         e = &((*e)->next);
     }
 
-    if (fs->sa_family == AF_INET) {
-        uint32_t _ip = htonl(fs->ip.V4);
-        inet_ntop(AF_INET, &_ip, ipstr, sizeof(ipstr));
-    } else if (fs->sa_family == AF_INET6) {
-        uint64_t _ip[2];
-        _ip[0] = htonll(fs->ip.V6[0]);
-        _ip[1] = htonll(fs->ip.V6[1]);
-        inet_ntop(AF_INET6, &_ip, ipstr, sizeof(ipstr));
-    } else {
-        strncpy(ipstr, "<unknown>", IP_STRING_LEN);
-    }
+    char *ipstr = GetExporterIP(fs);
 
     // nothing found
     *e = (exporterDomain_t *)calloc(1, sizeof(exporterDomain_t));